1 From ce5732e84fc46d7f99c152f736cfb4ef5ec98a01 Mon Sep 17 00:00:00 2001
2 From: Simon Kelley <simon@thekelleys.org.uk>
3 Date: Sun, 20 Dec 2015 21:39:19 +0000
4 Subject: [PATCH] NSEC3 check: RFC5155 para 8.2
7 src/dnssec.c | 8 ++++++--
8 1 file changed, 6 insertions(+), 2 deletions(-)
10 diff --git a/src/dnssec.c b/src/dnssec.c
11 index 9fa64b6..486e422 100644
14 @@ -1704,7 +1704,7 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
15 for (i = 0; i < nsec_count; i++)
17 unsigned char *nsec3p = nsecs[i];
19 + int this_iter, flags;
21 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
23 @@ -1716,8 +1716,12 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
28 + flags = *p++; /* flags */
31 + if (flags != 0 && flags != 1)
34 GETSHORT(this_iter, p);
35 if (this_iter != iterations)